What are OS Sandboxing Techniques and How Do They Work?
Learn how OS sandboxing works — seccomp filters, SELinux/AppArmor, and defense in depth — with a code example and interview questions.
Expected Interview Answer
OS sandboxing is the practice of running a process inside a restricted execution environment that limits which system calls, files, and resources it can touch, so that even if the process is compromised or malicious, the damage it can do to the rest of the system is contained.
Sandboxing is implemented at several layers of the kernel and OS. Seccomp-bpf lets a process install a filter that whitelists or blacklists specific system calls, so a compromised process cannot invoke dangerous syscalls like ptrace or mount even if an attacker gains code execution inside it. Mandatory access control frameworks like SELinux and AppArmor go further, attaching labels or profiles to processes and files so that even a process running as root is restricted to a predefined set of file, network, and capability operations regardless of discretionary Unix permissions. Browser and application sandboxes (like Chrome’s renderer sandbox) combine seccomp filters, restricted namespaces, and reduced Linux capabilities so that a compromised web page’s rendering process cannot read arbitrary files or open new network sockets. Layered together, these techniques implement defense in depth: a single escape from one layer (say, a memory-corruption bug in a renderer) still has to defeat the seccomp filter, the namespace isolation, and the MAC policy before it can affect the host.
- Limits blast radius of a compromised or malicious process
- Enforces least privilege even for processes that would otherwise run as root
- Combines multiple independent layers for defense in depth
- Used in browsers, containers, and mobile OSes to isolate untrusted code
AI Mentor Explanation
Sandboxing is like a stadium letting a trialist bowl only in a fenced-off practice net using a restricted set of approved balls, with security staff physically blocking any attempt to walk onto the main pitch or handle equipment outside the approved list. Even if the trialist tries something unauthorized, the fence and the staff’s checklist stop it before real damage happens, mirroring how a seccomp filter blocks disallowed system calls before they execute. Multiple checkpoints — the fence, the staff, the equipment list — stack together so no single failure lets the trialist reach the main ground.
Step-by-Step Explanation
Step 1
Define the policy
A seccomp-bpf filter or MAC profile (SELinux/AppArmor) is written specifying which syscalls, files, and capabilities are allowed.
Step 2
Attach to the process
The filter or profile is loaded and attached to the process before it executes untrusted code, e.g. via prctl(PR_SET_SECCOMP).
Step 3
Runtime enforcement
Every syscall the process makes is checked against the policy; disallowed calls are blocked, killed, or logged.
Step 4
Layer additional controls
Namespaces, dropped capabilities, and reduced privileges are combined with the filter for defense in depth.
What Interviewer Expects
- Naming concrete mechanisms — seccomp, SELinux/AppArmor, capabilities — not just the word “sandbox”
- Explaining defense in depth: multiple independent layers, not one barrier
- Understanding that sandboxing restricts an already-running or untrusted process, distinct from authentication
- A real-world example like a browser renderer sandbox or a container security profile
Common Mistakes
- Treating sandboxing as a single technique rather than a layered set of mechanisms
- Confusing sandboxing with simple Unix file permissions alone
- Not knowing what seccomp-bpf actually filters (system calls)
- Assuming container default isolation is already a complete sandbox without added seccomp/MAC policies
Best Answer (HR Friendly)
“Sandboxing means running a piece of untrusted or potentially risky code inside a locked-down environment that only allows it to do a small, pre-approved set of things, so that even if it turns out to be malicious or buggy, it cannot reach the rest of the system. Real sandboxes stack several independent restrictions together — limiting which system calls a process can make, which files it can touch, and which permissions it holds — so that one mistake or exploit is not enough on its own to break out.”
Code Example
#include <seccomp.h>
#include <unistd.h>
int install_sandbox(void) {
/* Default action: kill the process for any syscall not explicitly allowed */
scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_KILL);
if (!ctx) return -1;
/* Whitelist only the syscalls this sandboxed task actually needs */
seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 0);
seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 0);
seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(exit), 0);
seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(exit_group), 0);
/* Any other syscall, e.g. execve or ptrace, now kills the process */
int rc = seccomp_load(ctx);
seccomp_release(ctx);
return rc;
}Follow-up Questions
- What is the difference between seccomp-bpf and SELinux/AppArmor?
- How does a browser sandbox a renderer process from the rest of the browser?
- What is a sandbox escape and how do defense-in-depth layers reduce its likelihood?
- How do Linux capabilities differ from full root privilege?
MCQ Practice
1. What does seccomp-bpf primarily restrict?
Seccomp-bpf installs a filter that allows, blocks, or kills the process based on which syscalls it attempts to invoke.
2. What is the core principle behind combining seccomp, namespaces, and MAC policies?
Layering independent restrictions means an attacker must defeat multiple mechanisms, not just one, to escape the sandbox.
3. What do SELinux and AppArmor add beyond standard Unix file permissions?
Mandatory access control frameworks restrict operations based on security policy labels, overriding what discretionary Unix permissions alone would allow.
Flash Cards
What is OS sandboxing? — Running a process in a restricted environment that limits its syscalls, files, and resources to contain potential damage.
What does seccomp-bpf filter? — System calls — it can allow, block, or kill a process based on which syscalls it attempts.
What is defense in depth in sandboxing? — Stacking multiple independent restriction layers so one bypassed layer alone is not enough to escape.
Name a mandatory access control framework. — SELinux or AppArmor — both enforce policy regardless of standard Unix permissions.